AWS Certified Developer Associate DVA-C02 Practice Question
A financial services company needs a secure way to manage the lifecycle of the encryption keys that protect its data in AWS. The security team wants the key material to refresh automatically on a predictable schedule without requiring any application changes. Which action will meet this requirement?
Create a schedule to run the RotateKeyOnDemand API for the AWS-managed KMS key every quarter
Enable automatic rotation for a customer-managed KMS key
Add a condition to the key policy that sets the rotation frequency to 90 days
Develop a custom script that re-creates the encryption key and updates all references each year
AWS Key Management Service (AWS KMS) lets you turn on automatic rotation for a customer-managed symmetric encryption key. When automatic rotation is enabled, AWS KMS generates new cryptographic material for the key at the rotation interval (365 days by default, or a custom period that you specify between 90 and 2,560 days). Because AWS KMS stores previous key-material versions and automatically selects the right version during decrypt operations, no code or configuration changes are needed in the applications that use the key.
AWS-managed KMS keys already rotate automatically every year and do not allow you to change the schedule or initiate rotation manually. Writing custom scripts or editing the key policy does not provide automatic rotation and adds operational overhead without changing AWS KMS rotation behavior.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is AWS KMS?
Open an interactive chat with Bash
How does automatic key rotation in AWS KMS work?
Open an interactive chat with Bash
What is the difference between customer-managed and AWS-managed KMS keys?
Open an interactive chat with Bash
AWS Certified Developer Associate DVA-C02
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .